Slashdot Mirror
Student Financial Aid Database Being Misused
pin_gween writes "The Washington Post reports on the probable abuse of the National Student Loan Data System. The database was created in 1993 to help determine which students are eligible for financial aid. Students' Social Security numbers, e-mail addresses, phone numbers, birth dates, and loan balances are in the database. It contains 60 million student records and is covered by federal privacy laws. Advocates worry that businesses are trolling for marketing data they can use to bombard students with mass mailings or other solicitations. The department has spent over $650,000 in the past four years protecting the data. However, some senior education officials are advocating a temporary shutdown of access to the database until tighter security measures can be put in place."
its just a matter of time...everybody's personal data will eventually get misused
O rly?
I would never have guessed that these guys had anything to do with the 2-3 student loan consolidation offers I get per day...
I'm sure my future, not just this article, is
from the six-soliciations-per-day dept.Here's a thought- rather than worry about misuse of students addresses and social security numbers, why don't we address the two real problems:
1. We need to reign in junk mail; and
2. Financial institutions need to stop treating a social security number as some sort of password.
The Washington Post reports on the probable abuse of the National Student Loan Data System.
Well color me surprised. Or not. Anyone in the financial services industry is well aware that students are prime targets for all sorts of jacked-up offers. That data needs protecting, but the whole credit system in this country needs a major overhaul.
The theory of relativity doesn't work right in Arkansas.
The number of credit card offers you get in the mail your first year at college are ridiculous. At least, they were when I went, and I rather suspect the same is true today.
The goal is simple: hook them early, let them blow a wad of bills they don't have, and then get their parents to pay for it. For a true horror story on this, take a look at this example of a student who had no business getting a credit card getting one, and what happened. (Before you say it, this sort of thing doesn't just happen in South Korea.)
Only $650k over a few years to protect that much important data? That's about what the US spends on the Iraqi War _every_six_minutes_. What's wrong with this picture?
After I was done with school, I consolidated my loans with a company that I spent some time actually researching and making sure they were reputable. However, I kept getting 10+ mailings a month from companies wanting to consolidate my loans. Then the phone calls came. I tell them all that I have already consolidated, yet they continue. It is no surprise to me that they are probably getting my info from this database.
I got nothin'
If these consolidation companies would quite wasting so much money on marketing, and you know, actually offer better rates, they might actually get some business. Who am I kidding, this is America, a well marketed piece of crap gets ten times the volume of a quality product that slips under the radar.
As our way of thanking you for your positive contributions to Slashdot, you are eligible to disable Slashdot 2.0.
I know *all* SSN, credit card, phone numbers and dates of birth and I'll gladly sell them to anyone at only 1c each.
Excuse me, but please get off my Pennisetum Clandestinum, eh!
This past week I (a college student, with financial aid) got a letter stating I was pre-approved for a loan of $3,500 on condition of proving I own a home.
I live in a dorm. At a school in another state.
Apparently their "prescreening" folks can't even figure things out when they have a large chunk of my personal information staring them in the face.
Never mistake "can" for "should".
I work my butt off to pay for school, because my parents won't give me a dime. And yet, the "expected family contribution" as decided by my parents' tax documents still shows up, every year. The "expected student contribution" is generally a few hundred bucks, and the EFC is a little over half of my tuition...close to $5k.
.gov instead of wasting money fighting a war nobody wants.
This all fails to address the very simple fact that my parents give me nothing, and the government seems to think they should be giving me $5k/yr. Misuse my data, who cares. Just pay for my education like a good
ISU was rumored to have sold off our entire phonebook to marketers for like $2M at one point while I was a student.
Hi, you called <me/>, first class provider of premium customer service coaching for dodgey loan consolidation services providers. Before we begin, I'm obliged to tell you that this call is being recorded for customer service and validation reasons and that by continuing to use this coaching service, you are agreeing on behalf of your dodgey loan consolidation service provider to be bound by the terms and conditions available online at <free_host_where_I_posted_an_outrageous_contract>. Also you are reminded that if this is a second call by a respresentative of the dodgey loan consolidation service provider you represent, you are agreeing their behalf to the conditions of our $250000 per minute premium service as described in section 3.6a subsection z of the contract found at <free_host_where_I_posted_an_outrageous_contract>, do you understand?
.....
If things get any further.....
.....
Thank you, but I have already consolidated my loans and I'm really not interested.
Now I would advise, in order to provide the best possible customer service, you hang up. If this doesn't work for you, please call back for a premium consultation. Have a nice day. *click*
I don't therefore I'm not.
1) Open junk mail
2) Remove return envelope
3) Fold up the rest of the contents as they arrived and stuff them in the envelope
4) Send it back to them
I figure if enough people do this, it can begin to make a dent by doubling how much they pay for each mailing(how many people actually sign up with junkmail anyhow) or at least maybe they will take me off their list(doubtful) but in the worst case... I am giving them they exact pain the inflict on me by having to open worthless mail.
It is the mark of an educated mind to be able to entertain a thought without accepting it.
No shit sherlock. If most universities are moving off SSN's as PK's for students, why is the federales guv'ment still allowed to do so?
No wonder I get 2-3 loan consolidation requests a day... and 1 a week is from the same company where my loans are consolidated! Left hand, meet right hand...
"Thank you. Please spellcheck your genitalia references though.
2 credit card offers (fuck you visa, fuck you capital one), 1 "pre-approved" loan consolidation, and 2 loan offers. (get 200,000 NOW! You are pre-approved!) loans/grants used to be a way to HELP students go to college. Now they are absolutely fucking necessary to get your degree in a timely fashion. Luckily, got 15K grant, + 6K scholarship. That takes care of 1/3~ of my school costs(not including the large sum i've paid out of pocket already), hopefully I can get some more scholarships and grants to help further. I have a number of loans already, but I really don't want anymore. And yes, I also have a job + full-time school. Living costs a lot of money.
I can handle the junk mail and advertisements but what I can't handle is the complete incompetence of the financial aid department at my school. Without this database it will be a god damned nightmare getting my aid award. It's hard enough WITH the bloody database but without it god help us all.
It's pretty much a fact of life for college students... Some of the lucky ones avoid the money woes, but the endless deluge of spam and other solicitation is pretty much inevitable. I just try to live with it.
One of these days, I'm going to cut you into little pieces.
Okay, so reform is needed. But what's the solution, though? Is it legislation-based? Is it market-based? We have to make sure the solution doesn't fuck us over more than the problem it's trying to solve.
A good example of how a good idea can go wrong is Digg. It addresses one of the sore spots about Slashdot: the ability for anyone to submit news, and immediately have it viewable by others. It also opens up the comment moderation system to everyone. It's the Digg comment moderation I'd like to consider for the moment.
What we often find is that people in the know get their posts voted down, especially if they say something unpopular (even if completely factual). An example of this is noted Slashdot poster John Randolph, who goes by the handle jcr. He often speaks his mind, and that gets some people at Digg all riled up. So they moderate down his comments. This is especially true in his posts dealing with Apple, where John says it as it is. After all, John worked at Apple for a long time. He knows how things are done there. But that's not good enough for many of the morons at Digg. They bury what are perhaps the most informative, insightful and interesting comments. It's a perfect example of how a system that tries to fix Slashdot ends up being far worse in most cases.
I could see the same thing happening with proposed solutions to these data protection problems. If it's a legislation-based approach, the law will end up making database server administration far more difficult and time-consuming. A market-based approach will no doubt have even more problems.
"The use-mention distinction" is not "enforced here."
Good, inexpensive web hosting
that Cheney & Co. trolls the DB for more Iraq/n cannon fodder.
Based on the skills of some of our engineering new hires from expensive schools, I'd say the student aid itself is being misused.
It's not that simple. If the database contained only email addresses and telephone numbers, ok, noone would give too much of a shit.
Unfortunately, by the sound of it, it contains enough data for identity theft. Especially since in America a bunch of idiots decided that the SSN is usable as unique ID and/or password for everything, so anyone who knows yours already won half the battle to impersonate you. Plus the always useful (especially to a crook) information of how elligible for a loan everyone there is.
So here's a simple scenario: a crook looks through that database, finds a list of kids with upper middle class parents (you don't want to go for billionaire sons, because that might raise suspicions), also finds all the information needed to impersonate any of them to a bank, and takes a hefty "student loan" in the name of each. Just hefty enough to be worth the heist, but not quite close to the limit to raise too much suspicion and verifications. Crook buggers off with the money, and the parents are left to prove that it wasn't their offspring who took the loan. (After a round of inquisition to determine if it really was the son who blew the money on hookers, booze and dope.)
A polar bear is a cartesian bear after a coordinate transform.
Wow, a whopping $650k? What's that, two salaries plus expenses?
I think that more accurately spun "the agency has spent less than $700,000 since 2003...."
section 3, item (d)...
"To provide financial aid history information, the Department may disclose records to educational institutions and servicers."
it is supposed to make money by integrating with the 'servicers.'
my guess is it is not too hard to be considered a servicer of an educational institution.
link:http://www.ed.gov/notices/pia/nslds.pdf
i don't post quotes all that often. someone let me know if i just broke a law.
i posted this lower in the thread so it will probably be buried. check out #3, item (d).
link:http://www.ed.gov/notices/pia/nslds.pdf
they sell to 'servicers' of educational institutions and i am guessing y'all signed off on it. if you are pissed about this issue a good question might be how someone is classified as a servicer.
regards.
I've been getting credit card offers since my senior year of high school. No Child Left Behind makes it legal for schools to do pretty much whatever they want with your information, and you can't stop them (at least this was my school's excuse). Furthermore, from what I've been told, the school is required to give information to any military branch that requests it.
How do I know it's the school that's been doing it? They've always spelled my name Zajary instead of Zakary on all their mailings, and that's who these are addressed to (on the plus side, I can't legally open these letters since they aren't addressed to me).
Yet another great policy from our Government.
There are massive databases that track people and a subsets of those that track students and alumni. I wouldn't say that the NSLC is the only source of data. Almost every large school and community college has a bank with a branch on campus promoted through the school and they will sell your information and data. When you graduate and leave school you usually get on an alumni list that in turn feeds other sources, and so on, and so on. State and federal agencies also get data feeds from colleges (other than NSLC). If your college uses a service to clean up names and addresses, well guess who now has a name, address and part of a social security number in some cases? Yup, that organization and the database they use/feed, and the database its uses/feeds, all the way up to the big database. Guess who also uses the big database; mass marketers.
The point is, once your name gets in a list then the spam will come and mass marketing will come. And that list never gets updated with info like you graduated, or dropped out, etc.; you're just a name and they will continue to spam you even if you've moved, got a jobs, paid your loans or even died in a car crash.
I'm not advocating any of this but it is simple a fact. Once you are a student there are a number of ways you can end up on a list and many of them are uncontrolled and some the college in question is legally required to use/feed.
Oh and the only way to get rid of a social security number as a means of identification is to provide a better universal ID. Seriously.
-Phil
Shoot questions, first ask later...
I think I know the answers to some of those:
Why does the database system fulfill illegal search requests?
Because it's not a lawyer and doesn't have the information to know who's breaking the law by what request. (Note, those are separate reasons.)
Do those who have been searching illegally still have access? If so, why?
Yes, because no one knows yet they did an illegal search and even if they did, the university would have too much to gain by keeping their business.
What punishment exists for violating the regulations on what searches are allowed?
A stern warning not to do it again.
How much of the data stored on each student do these lenders actually have legitimate reason to know?
In the sense that you mean it, very little. In the sense that the law allows, more than you're comfortable with. In the sense that the university has permitted the data to be accessed, all of it.
What hoops does a lender have to jump through to get access to the database?
Must have a business relationship with the university that is profitable to the latter.
Apology to Ubuntu forum.
that we have a privacy bill of rights in the US.
This would give individuals rights around information that government and third parties collect on them, the most important being informed consent. It should be a crime to divulge or acquire electronic records without informed consent of the subject, excepting national intelligence and criminal investigation. Furthermore the right of informed consent by manadatory opt-in should be inalienable. Right now the status of privacy rights in the US can be summed up, to a first approximation, as this: if you can get your hands on a piece of information about somebody without breaking a law, it's yours to do with as you please for whatever you please.
If the government collects information about you, and it is divulged in a way that is not clearly illegal, then it becomes fair game. If you sue or are sued, the records of that suit, win, lose, or settled, can be harvested and put into commercial intelligence databases on you. If you sue your employer, you may find it hard to get a job afterwards. The records are made public to ensure the fair operation of the courts, but the same process exposes you to unfair judgment in an invisible (to you) commercial database.
Civilization will not come to an end if people are participants in how their information is used and divulged. Such rights are guaranteed in Europe via the European Convention on Human Rights. Harmonizing our laws with Europe will be good in the long term for our industry. Right now we are operating under an exception that allows EU data to be processed by American companies that promise to follow EU guidelines. But information privacy is not valued at all by companies here and therefore they aren't any good at it. It's only a matter of time before some horrible mishandling of data puts this on the trade agenda again.
Bringing ourselves up to scratch with the best international standards would be better for our citizens than digging in our heels. It would hurt some individual companies, but in the long run will allow American companies to compete better in a global services economy.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
I've been out of school since last Fall, and the past couple months I've been getting 2-3 letters a week from "Joe Bob Student Loan Debt Consolidation" Don't wait, consolidate now for 3-8%. While I do want to get a debt consolidation loan, it's downright scary when you have a couple hundred options and no idea what is legit. What worries me the most! How does Joe Bob know I have exactly x dollars on my Federal student loans? Shouldn't that be private?
They just now noticed, did they?
http://twitter.com/OLDTELEGRAM
because there are cliques here and they do the same thing you claim that happens on Digg. People of certain beliefs will without reason mod down anything they don't like regardless of the truth of the statements. (Its probably the best reason to never EVER look at the political section of /.)
Legislation to change the laws to make all lenders EQUAL is what is needed. Also, get the government out of the loan business and just into guaranteeing it. Let the market assign the risks. If the government thinks the market is charging to much then it can investigate.
* Winners compare their achievements to their goals, losers compare theirs to that of others.
A few days ago i requested an information packet from a local technical college via an online request form. i used my cell phone for the phone number. Today i received a call from a student loan consolidation company on my cell phone. I missed the call, but called it right back and the guy who answered the phone said he was from this loan consolidation company. I asked why they called me and he asked if i was interested in a student loan. I said I don't have any (I don't) and please take me off your list. He asked what my name was, but I made him look me up by phone number, and when he did he asked me if i was $MY_NAME and attended $THAT_SCHOOL. I denied knowing that person and had him put me down for wrong number. I called the phone number on the schools site, and told them about this, and the girl who answered the phone was just someone who answers the phone and transfers people, and said she had no idea that the personal data gets handed along. Then she asked my name and said she was going to transfer my name to a customer complaint deprtment or some such but i said "No thanks, just pass along the message." Needless to say i will not be attending that school.
Where the hell to you think the million consolidation ads I get a year come from? They always look like bills, but are applications to consolidate.
Also where the hell do you think all the credit card applications come from?
Explain that one.
_buzlink_
- I don't send enough to make bulk mailing worth my while (presorting, bulk license fees, etc.), and
- I get a better response rate when I use a first class stamp--probably because more people open the letter
I know some folks in my business who even go so far as to pay senior citizens in nursing homes to hand address their direct mail for them. Just trying to eek out that last % or two in response, I suppose.They don't grade fathers, but if your daughter's a stripper, you fucked up. --Chris Rock
Federal laws being violated? Arrest and convict the person in the highest level of authority who knew or should have known this was happening. Strip that person of all assets and make him spend decades in prison.
We have laws, and a penal system that exists as a deterrent for violating those laws. Bank executives don't have immunity. Do it, completely destroy a few of these people who think they are above the law because of their positions of authority and their billions of dollars, and the rest will think twice before making the same mistake.
-fb Everything not expressly forbidden is now mandatory.
>If "they" have access to my data then why cant they see that I no longer need/want any help?
They can see that you are paying someone else regularly. If they could convince you that you could have an even better deal, they win. Do you have a home mortgage? It's even worse with that.
-fb Everything not expressly forbidden is now mandatory.
Why does the database system fulfill illegal search requests?
A. It does not know they are illegal
Do those who have been searching illegally still have access? If so, why?
A. They went in and did the search; they figured they would ask about legality later.... all is fair in the game of Corp business as long as the ref is not looking.
What punishment exists for violating the regulations on what searches are allowed?
A. Completely negligible when you are talking about the 100's of millions of dollars that can be realized from these searches.
How much of the data stored on each student do these lenders actually have legitimate reason to know?
A. None, but that will not stop them because the people who regulate access to this data do not I. care enough to do the diligence II. Do not have the resources to the diligence III. Do not have the political will to do the diligence.
What hoops does a lender have to jump through to get access to the database?
A. Whoop, there it is!!